WiMAX is a telecommunications technology aimed at providing wireless data communication over relatively long distances. WiMAX is based on the IEEE 802.16e standard.
FIG. 1 illustrates a portion of a conventional WiMAX system according to the current IEEE 802.16e standard (the WiMAX Forum Network Architecture—Stage 2, Part 1—Release 1.1.1). The system in FIG. 1 provides wireless services such as communication sessions (e.g., data sessions, voice sessions, multimedia sessions, etc.) to endpoints such as the plurality of mobile nodes M1, M2, M3, . . . , MN using a mobile Internet Protocol (IP) framework, which is well-known in the art. A communication session refers to an active communication between two or more endpoints such as mobile nodes.
As discussed herein, the term “mobile node” refers to electronic devices having wireless communication capabilities, such as, a cellular phone, personal digital assistant (PDA), smartphone, laptop computer, etc. More generally, mobile node refers to any electronic device capable of changing its point of attachment from one network or subnetwork to another.
Referring to FIG. 1, the system includes a plurality of access service networks (ASNs) ASN1 and ASN2, a visited connectivity service network V-CSN and a home connectivity service network H-CSN. In conjunction with one another, access service networks ASN1 and ASN2, the visited connectivity service network V-CSN and the home connectivity service network H-CSN provide communications services to one or more mobile nodes M1-MN.
Each of ASN1 and ASN2 represents a communication network that provides mobile nodes with wireless access to a wired network. The access service networks ASN1 and ASN2 may be provided by a network access provider (NAP). An example access service network is a WiMAX access service network, which provides a WiMAX radio access infrastructure to WiMAX network service providers (NSPs). Although only two access service networks are shown in FIG. 1, it is well-known in the art that a WiMAX system may include any number of access service networks.
The access service network ASN1 includes one or more base stations 32-1. As discussed herein, a base station 32-1 represents any suitable device or system that provides wireless services to one or more mobiles M1 and M2 present in the coverage area or cell of the base station 32-1. As is well-known in the art, a base station comprises suitable devices operable to provide wireless services to mobile nodes located in its corresponding coverage area or cell. The base station 32-1 communicates with an ASN gateway (ASN-GW) 36-1, which is also included in access service network ASN1.
As is well-known, the ASN-GW 36-1 is a logical entity that represents an aggregation of control plane functional entities that are either paired with a corresponding function in the access service network ASN1 (e.g., an instance of a base station), a resident function in a CSN (e.g., V-CSN or H-CSN) or a function in another ASN. The ASN-GW 36-1 may also perform bearer plane routing or bridging functions.
As is well-known, each mobile node is associated with a base station, which is typically associated with a single default ASN-GW. However, ASN-GW functions for every mobile node may be distributed among multiple ASN-GWs located in one or more ASN(s).
Still referring to FIG. 1, the ASN-GW 36-1 includes a foreign agent (FA) 44-1 and an authenticator 52-1. As is well-known, the foreign agent 44-1 is a network entity (e.g., a router) that provides routing services to mobile nodes registered with the access service network ASN1. The foreign agent 44-1 routes data to and from mobile nodes currently registered with the access service network ASN1. The foreign agent 44-1 receives data intended for mobile nodes in the access service network ASN1 from the mobile nodes' assigned home agent (e.g., home agent 48 located in the visited connectivity service network V-CSN).
The well-known authenticator 52-1 is a network entity that authenticates requests for access from mobile nodes upon entering the access service network ASN1. Although authenticator 52-1 is shown as separate from foreign agent 44-1 within the ASN-GW 36-1, the authenticator 52-1 may be co-located with the foreign agent 44-1 at any suitable location.
As noted above, the system in FIG. 1 also includes access service network ASN2, which includes one or more base stations 32-2 and an ASN-GW 36-2. The ASN-GW 36-2 includes a foreign agent 44-2 and an authenticator 52-2. Each of these components and functions performed therein are the same as the corresponding components described above with regard to access service network ASN1. Thus, a description of these components is omitted.
The system in FIG. 1 further includes a visited connectivity service network V-CSN and a home connectivity service network H-CSN. Generally, a connectivity service network (CSN) is a set of network functions that provide Internet Protocol (IP) connectivity services to WiMAX subscriber(s) (mobile nodes). A CSN may provide, for example, IP addresses and endpoint parameter allocations to mobile nodes for user sessions, Internet access, AAA server, policy and admission control based on user subscription profiles, ASN-CSN tunneling support, WiMAX subscriber billing and inter-operator settlement, inter-CSN tunneling for roaming, inter-ASN mobility, WiMAX services such as location based services, and connectivity for peer-to-peer services, provisioning, authorization and/or connectivity to IP multimedia services.
As is well-known, a CSN may comprise network elements such as routers, AAA servers, user databases, interworking gateway mobile nodes. A CSN may be deployed as part of, for example, a WiMAX service provider network.
More specifically, the visited connectivity service network V-CSN represents a communication network that provides mobility management for mobiles served by access service networks ASN1 and ASN2 and also provides other operations, for example, authorization operations, host configuration management operations, etc. The visited connectivity service network V-CSN is normally provided by a network service provider (NSP).
Although the visited connectivity service network V-CSN includes all of the above-mentioned components and functionality, only a single home agent 48 and an authentication, authorization, and/or accounting (AAA) function 40 are shown for the sake of clarity. As is well-known, home agent 48 is a network entity (e.g., router) that tunnels datagrams to a mobile node when the mobile node is away from its home network. A tunnel is a path followed by a datagram while encapsulated. The home agent 48 also maintains the current location of mobile nodes to which it is assigned.
The home agent 48 is selected and assigned to serve a communication session of a particular mobile by the AAA server 42 in the home connectivity service network H-CSN and/or the AAA function 40 in the visited connectivity service network V-CSN based on policies and configurations set by the network service provider.
Within the home connectivity service network H-CSN and the visited connectivity service network V-CSN, respectively, the AAA server 42 and the AAA server 40 are network entities (e.g., servers) that provide AAA-related services (e.g., authentication, authorization, accounting, or any combination thereof) associated with a mobile node's subscription. The AAA server 42 and the AAA server 40 differ in that the AAA server 40 is located in the visited connectivity service network (V-CSN) and the AAA server 42 is located in the home connectivity service network H-CSN. Moreover, as will be described in more detail below, the AAA server 40 also differs from the AAA server 42 in that the AAA server 40 may be subordinate to the AAA server 42 in selecting and assigning a home agent to a communication session of a particular mobile. For example, the AAA server 42 may delegate the selection and assignment of the home agent to the AAA server 40 in the visited connectivity service network V-CSN. For example, if main AAA functionality is expected from the H-CSN, then the AAA server 40 in the connectivity service network V-CSN acts as the proxy transporting information to the AAA server 42 in the connectivity service network H-CSN. For the sake of clarity, the AAA server acting as a proxy will be referred to as AAA function.
As is well-known in the art, authentication refers to validating the identity of a mobile node, authorization refers to authorizing a level of service for a mobile node, and accounting refers to tracking resource usage for the mobile node.
The system shown in FIG. 1 utilizes the mobile IP framework. According to the current mobile Internet Protocol version 4 (MIPv4) security framework specified in Internet Engineering Task Force (IETF) RFC3344, tunneling between foreign agent 44-1 and home agent 48 associated with a communication session for mobile node M1 uses a security association based on a security key commonly known to the foreign agent 44-1 and home agent 48 (hereinafter referred to as an FA-HA key).
In this example, the FA-HA key is computed by the authenticator 52-1 in the serving access service network ASN1 based on a home agent security key (hereinafter referred to as an HA-RK key), its associated context and IP addresses of the assigned foreign agent 44-1 (FA-IP) and the home agent 48 (HA-IP). As is well-known, the HA-RK key is a unique 160-bit random number generated by the AAA server 42 for each home agent. The context of each HA-RK key includes the lifetime (or life expiration time) of the HA-RK key and a security parameters index (SPI). The lifetime of the HA-RK key indicates how long the HA-RK key is to be used. More specifically, the lifetime of the HA-RK key specifies for how long the security association (based on the HA-RK) will be valid before re-authentication. The SPI is used to differentiate between different FA-HA keys generated based on respective HA-RK keys. The HA-RK key is also sent to the authenticator 52-1.
As noted above, the authenticator 52-1 computes the FA-HA key based on the received HA-RK key, its associated context and IP addresses of the assigned foreign agent 44-1 (FA-IP) and the home agent 48 (HA-IP). Accordingly, an FA-HA key is generated for each pair of foreign agent and home agent. In other words, a FA-HA key is generated per tunnel between foreign agent 44-1 and home agent 48. The authenticator 52-1 provides the computed FA-HA key to the foreign agent 44-1 for use in communicating with the home agent 48 assigned to the mobile's communication session.
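The derivation just described, as an added example that is not part of the original text: an authenticator derives the FA-HA key from the HA-RK key, its SPI and the FA-IP/HA-IP pair, pushes it to the foreign agent, and the home agent (which holds the same HA-RK, indexed by SPI) re-derives it to check a tunneled datagram. The text states only that the FA-HA key is a function of those inputs; the HMAC-SHA1 construction, the byte layout of its input, the entity classes and all addresses are this example's own assumptions.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class HARKContext:
    """HA-RK key plus the context described in the text: its SPI and lifetime."""
    key: bytes        # 160-bit random HA-RK generated by the AAA server
    spi: int          # security parameters index, assumed 32-bit here
    lifetime: int     # seconds for which the HA-RK may be used


def generate_ha_rk(spi: int, lifetime: int) -> HARKContext:
    """AAA-server side: a fresh 160-bit random HA-RK for one home agent."""
    return HARKContext(key=os.urandom(20), spi=spi, lifetime=lifetime)


def derive_fa_ha_key(ctx: HARKContext, fa_ip: str, ha_ip: str) -> bytes:
    """Assumed construction: HMAC-SHA1 keyed with the HA-RK over a label, the
    two addresses and the SPI.  One key per (FA, HA) pair per HA-RK results."""
    msg = (b"FA-HA"
           + ipaddress.ip_address(ha_ip).packed
           + ipaddress.ip_address(fa_ip).packed
           + ctx.spi.to_bytes(4, "big"))
    return hmac.new(ctx.key, msg, hashlib.sha1).digest()


class HomeAgent:
    """Keeps every HA-RK context it has been given, indexed by SPI."""

    def __init__(self, ip: str):
        self.ip = ip
        self.ha_rks: dict[int, HARKContext] = {}

    def install_ha_rk(self, ctx: HARKContext) -> None:
        self.ha_rks[ctx.spi] = ctx

    def verify_tunnel_packet(self, fa_ip: str, spi: int, payload: bytes, tag: bytes) -> bool:
        ctx = self.ha_rks.get(spi)
        if ctx is None:
            return False  # unknown SPI: no security association for this tunnel
        key = derive_fa_ha_key(ctx, fa_ip, self.ip)  # same computation as the authenticator
        expected = hmac.new(key, payload, hashlib.sha1).digest()
        return hmac.compare_digest(expected, tag)


class ForeignAgent:
    """Holds the FA-HA keys it received from an authenticator, keyed by (HA-IP, SPI)."""

    def __init__(self, ip: str):
        self.ip = ip
        self.fa_ha_keys: dict[tuple[str, int], bytes] = {}

    def install_fa_ha(self, ha_ip: str, spi: int, key: bytes) -> None:
        self.fa_ha_keys[(ha_ip, spi)] = key

    def protect_tunnel_packet(self, ha_ip: str, spi: int, payload: bytes) -> bytes:
        return hmac.new(self.fa_ha_keys[(ha_ip, spi)], payload, hashlib.sha1).digest()


def authenticator_provision(ctx: HARKContext, fa: ForeignAgent, ha_ip: str) -> None:
    """Authenticator side: derive the FA-HA key for this FA/HA pair and hand it to the FA."""
    fa.install_fa_ha(ha_ip, ctx.spi, derive_fa_ha_key(ctx, fa.ip, ha_ip))


def demo() -> dict:
    # Constructed addresses; the numbering loosely follows the reference numerals in the text.
    ha = HomeAgent("10.0.0.48")
    fa1 = ForeignAgent("10.0.1.44")
    fa2 = ForeignAgent("10.0.2.44")
    ctx = generate_ha_rk(spi=0x1001, lifetime=3600)
    ha.install_ha_rk(ctx)
    authenticator_provision(ctx, fa1, ha.ip)
    authenticator_provision(ctx, fa2, ha.ip)
    payload = b"constructed datagram for mobile M1"
    tag = fa1.protect_tunnel_packet(ha.ip, ctx.spi, payload)
    return {
        "fa1_verifies": ha.verify_tunnel_packet(fa1.ip, ctx.spi, payload, tag),
        # same HA-RK but a different FA-IP yields a different FA-HA key, so the tag fails
        "fa2_tag_rejected": not ha.verify_tunnel_packet(fa2.ip, ctx.spi, payload, tag),
        "unknown_spi_rejected": not ha.verify_tunnel_packet(fa1.ip, 0x2002, payload, tag),
        "keys_per_fa_differ": fa1.fa_ha_keys[(ha.ip, ctx.spi)] != fa2.fa_ha_keys[(ha.ip, ctx.spi)],
    }


if __name__ == "__main__":
    print(demo())
```

The SPI is what lets the home agent pick the right HA-RK when several are active for the same FA/HA pair; a datagram carrying an SPI the home agent does not know is simply rejected rather than matched against any key.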
A conventional HA-RK key and FA-HA key deployment scenario will now be described with respect to the system shown in FIG. 1.
Referring to FIG. 1, mobile nodes M1 and M2 located in access service network ASN1 are authenticated by AAA server 42 via the authenticator 52-1. Mobile node M3 located in access service network ASN2 authenticates with AAA server 42 via authenticator 52-2. Both access service networks ASN1 and ASN2 are served by the same local AAA function 40, and as such, all authentication transactions are routed via the AAA function 40.
During authentication, the AAA function 40 recommends its local services (including an assignment of local home agent 48 to each mobile M1-M3 and generation of an HA-RK key for the home agent 48) to the AAA server 42.
Based on its local policy, the AAA server 42 decides whether to assign the home agent 48 to the mobile M1 based on the recommendation of the AAA function 40. Assuming the AAA server 42 decides to do so, the AAA server 42 generates an HA-RK key HA-RK1-1 and associated context (hereinafter referred to as HA-RK key and context HA-RK1-1) for the home agent 48. The AAA server 42 sends the HA-RK key and context HA-RK1-1 to the AAA function 40, which forwards it to authenticator 52-1, and subsequently to the home agent 48 during mobile IP registration.
The AAA server 42 also transmits the IP address of the home agent (HA-IP) to the AAA function 40, which forwards it to authenticator 52-1 at the ASN-GW 36-1.
The ASN-GW 36-1, including the authenticator 52-1, serves as the AAA client for EAP-based subscription authentication transactions.
Upon receiving the HA-RK key and context HA-RK1-1, the authenticator 52-1 generates a corresponding FA-HA key FA-HA1-1 for the tunnel between foreign agent 44-1 and home agent 48, and sends the same to the foreign agent 44-1. The same FA-HA key FA-HA1-1 is also computed by the home agent 48. The FA-HA key FA-HA1-1 serves as the security key for datagrams tunneled between foreign agent 44-1 and home agent 48.
Turning now to mobile node M2, if the AAA server 42 again accepts the recommendation of the AAA function 40, the AAA server 42 assigns the home agent 48 to the mobile node M2 and generates the HA-RK key and context HA-RK1-2 for the home agent 48. The AAA server 42 sends the HA-RK key and context HA-RK1-2 to the AAA function 40, which forwards it to authenticator 52-1, and subsequently to the home agent 48 during mobile IP registration.
Upon receiving the HA-RK key and context HA-RK1-2, the authenticator 52-1 generates a corresponding FA-HA key FA-HA1-2 for the tunnel between foreign agent 44-1 and home agent 48, and sends the same to the foreign agent 44-1. The same FA-HA key FA-HA1-2 is also computed by the home agent 48. The FA-HA key FA-HA1-2 serves as another security key for datagrams tunneled between foreign agent 44-1 and home agent 48.
Turning to mobile node M3, if the AAA server 42 again assigns the home agent 48 based on the recommendation of the AAA function 40, the AAA server 42 generates another HA-RK key and context HA-RK2-3 for the home agent 48. The AAA server 42 sends the HA-RK key and context HA-RK2-3 to the AAA function 40, which forwards it to authenticator 52-2, and subsequently to the home agent 48 during mobile IP registration.
Upon receipt of the HA-RK key and context HA-RK2-3, the authenticator 52-2 generates a corresponding FA-HA key FA-HA2-3 for the tunnel between the foreign agent 44-2 and the home agent 48, and sends the same to the foreign agent 44-2. The same FA-HA key FA-HA2-3 is also computed by the home agent 48. The FA-HA key FA-HA2-3 serves as the security key for datagrams tunneled between foreign agent 44-2 and home agent 48.
In this example, if the mobile node M1 subsequently relocates into access service network ASN2, the foreign agent 44-2 requests another FA-HA key FA-HA2-1 (key for a tunnel between the foreign agent 44-2 and home agent 48) from the authenticator 52-1. The authenticator 52-1 generates the FA-HA key FA-HA2-1 based on the HA-RK key and context HA-RK1-1 maintained at the authenticator 52-1 and sends the same to the foreign agent 44-2. The same FA-HA key FA-HA2-1 is also generated at the home agent 48. The FA-HA key FA-HA2-1 also serves as the security key for datagrams tunneled between foreign agent 44-2 and home agent 48.
Referring back to FIG. 1, the lifetime and SPI of HA-RK keys are managed by the AAA server 42 that assigns the HA-RK key and context. The AAA server 42 is responsible for generating and delivering a new HA-RK key and context to each authenticator 52-1, 52-2 and/or home agent 48 prior to the expiration of an active HA-RK key and context at the authenticators 52-1, 52-2.
During any EAP authentication procedure, if the AAA server 42 recognizes that the remaining lifetime of an active HA-RK key at, for example, authenticator 52-1 or home agent 48 is less than the newly assigned master session key (MSK) lifetime, the AAA server 42 sends a new HA-RK context to the authenticator 52-1 and the home agent 48.
As the result of a successful EAP-based subscription authentication procedure, both the EAP client (e.g., the mobile node M1) and the EAP server (the AAA server 42) generate the MSK. The AAA server 42 assigns the lifetime for this MSK based on its policy. The lifetime (or life expiration time) of the MSK specifies for how long this security association will be valid before re-authentication. Both the MSK and the MSK lifetime are subsequently delivered to the authenticator 52-1 at the end of the EAP authentication procedure.
Typically, the AAA server 42 does not retain knowledge of previous security associations distributed for a given pair of HA and authenticator, because they are associated with different authentication events. For the AAA server 42 it would be troublesome to maintain knowledge of whether or not any HA-RK key in the authenticator is currently within its allocated lifetime. Therefore, at the completion of a new authentication event, the AAA server 42 creates and sends a new random HA-RK key. Typically, the AAA server 42 sets the lifetime of the HA-RK at least equal to, or longer than, the lifetime of the new MSK. This way the security association lifetime of the FA-HA tunnel is not limited by the subscription authentication lifetime.
Currently, however, upon receipt of a new HA-RK key and context at authenticator 52-1 or home agent 48, older versions of HA-RK keys and contexts are not immediately deprecated or deleted. Instead, each HA-RK key remains active until expiration of its lifetime. As a result, multiple HA-RK keys and contexts must be maintained at the authenticator 52-1 and home agent 48 at all times.
In the above example, the HA-RK security keys are provided by the AAA server 42 via the AAA function 40. In another example, however, the AAA function 40 may generate and send HA-RK security keys to the authenticators 52-1, 52-2 and home agent 48. In this process, when mobile node M1 accesses visited connectivity service network V-CSN, the AAA function 40 suggests the local home agent 48 to the AAA server 42. If the AAA server 42 agrees with the recommendation (after checking its policies), the agreement is communicated back to the AAA function 40. The AAA function 40 then assigns the home agent 48 to the mobile node M1 and also assigns an HA-RK security key in the same manner as described above with regard to the AAA server 42.
Conventionally, for a given mobile node, authenticators 52-1, 52-2 are selected based on a deployment configuration of a serving system, but cannot be predicted by an associated AAA server or home agent 48. Similarly, the home agent 48 is selected based on policies of the AAA server 42, but cannot be predicted by the associated authenticator 52-1, 52-2 or foreign agent 44-1, 44-2. As a result, the home agent 48 and/or the authenticator 52-1, 52-2 may concurrently receive different HA-RK security keys for the same association between authenticator and home agent.
The lack of coordination between the HA-RK security keys results in the creation of a plurality of tunnels and security associations for the same home agent-foreign agent pair. The resulting plurality of security associations results in ambiguity at the home agent and the authenticator.
More generally, if there are N AAA servers involved in home agent assignment and P authenticators involved in FA-HA key distribution (wherein each authenticator is associated with M AAA servers and M ≤ N), then the home agent must maintain at least N×P keys, each authenticator must maintain at least M keys, and each foreign agent must maintain at least M×P keys.
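Two points from the text above can be checked in a small model: the lifetime rule (a new HA-RK is issued at an EAP authentication when the remaining HA-RK lifetime is shorter than the new MSK lifetime, and the older HA-RK stays active until it expires), and the key-count relationship for N AAA servers and P authenticators. The following is an added example, not part of the original text. The key holders, the round-robin assignment of AAA servers to authenticators and all names and times are this example's assumptions; the counting function takes every authenticator as associated with all N AAA servers (M = N), in which case the counts come out exactly as the formula gives them.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class HARKContext:
    """One HA-RK key and its context.  The key material itself is omitted here;
    the SPI identifies the context, as in the text."""
    spi: int
    issued_by: str      # AAA server that generated it (constructed labels)
    for_auth: str       # authenticator it was delivered to
    expires_at: int     # absolute expiry time in seconds (issue time + lifetime)


class KeyHolder:
    """HA-RK bookkeeping at an authenticator or home agent: a context is kept
    until its lifetime expires; it is not replaced when a newer one arrives."""

    def __init__(self, name: str):
        self.name = name
        self.contexts: dict[int, HARKContext] = {}   # SPI -> context

    def receive(self, ctx: HARKContext) -> None:
        self.contexts[ctx.spi] = ctx

    def active(self, now: int) -> list[HARKContext]:
        return [c for c in self.contexts.values() if c.expires_at > now]

    def purge_expired(self, now: int) -> None:
        self.contexts = {s: c for s, c in self.contexts.items() if c.expires_at > now}


def renew_if_needed(aaa: str, holder: KeyHolder, now: int, msk_lifetime: int, spi_gen):
    """AAA-server rule from the text: at an EAP authentication, if the remaining
    lifetime of the active HA-RK is less than the new MSK lifetime, issue a new
    HA-RK whose lifetime is at least the MSK lifetime (here, exactly that).
    Returns the new context, or None when the existing HA-RK still suffices."""
    remaining = max((c.expires_at - now for c in holder.active(now)), default=0)
    if remaining >= msk_lifetime:
        return None
    ctx = HARKContext(next(spi_gen), aaa, holder.name, now + msk_lifetime)
    holder.receive(ctx)
    return ctx


def lifetime_scenario() -> dict:
    """Constructed timeline: one HA-RK with a 3600 s lifetime, then two
    re-authentications each assigning an MSK lifetime of 1800 s."""
    spi_gen = itertools.count(0x1000)
    auth = KeyHolder("authenticator-52-1")
    auth.receive(HARKContext(next(spi_gen), "AAA-42", auth.name, expires_at=3600))
    first = renew_if_needed("AAA-42", auth, now=1000, msk_lifetime=1800, spi_gen=spi_gen)
    second = renew_if_needed("AAA-42", auth, now=3000, msk_lifetime=1800, spi_gen=spi_gen)
    return {
        "renewed_at_t1000": first is not None,     # 2600 s remain: no new key
        "renewed_at_t3000": second is not None,    # 600 s remain < 1800: new key
        "active_at_t3000": len(auth.active(3000)), # old and new both active
        "active_at_t3700": len(auth.active(3700)), # old one has expired
    }


def count_keys(n_aaa: int, p_auth: int, m_per_auth: int) -> dict:
    """One HA-RK per (AAA server, authenticator) association; count what the
    home agent, one authenticator and one foreign agent must hold.  A foreign
    agent is taken to need an FA-HA key for every HA-RK held by any
    authenticator, since a relocating mobile makes it request one (FA-HA2-1 in
    the text)."""
    spi_gen = itertools.count(0x2000)
    aaas = [f"AAA-{i}" for i in range(n_aaa)]
    ha = KeyHolder("HA-48")
    auths = [KeyHolder(f"auth-{j}") for j in range(p_auth)]
    for j, auth in enumerate(auths):
        for k in range(m_per_auth):
            aaa = aaas[(j + k) % n_aaa]            # round-robin association
            ctx = HARKContext(next(spi_gen), aaa, auth.name, expires_at=3600)
            auth.receive(ctx)
            ha.receive(ctx)
    return {
        "ha": len(ha.contexts),
        "per_authenticator": len(auths[0].contexts),
        "per_fa": sum(len(a.contexts) for a in auths),
    }


if __name__ == "__main__":
    print(lifetime_scenario())
    print(count_keys(n_aaa=3, p_auth=4, m_per_auth=3))
```

With N = 3, P = 4 and M = N = 3 the home agent ends up with 12 contexts, each authenticator with 3, and each foreign agent would need 12 FA-HA keys, matching N×P, M and M×P respectively; the lifetime scenario shows the period during which two HA-RK contexts for the same authenticator/home agent pair are both valid.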